Unified Threat Management - Support | GTA, Inc.

		                         

                        GB-OS FIREWALL SOFTWARE
                            VERSION 5.0.2
                            RELEASE NOTES

Author:     Global Technology Associates, Inc.
Product:    GB-OS version 5.0.2
Date:       12 December 2007

-------------------------------------------------------------------------
GB-OS version 5.0.2 includes updated versions of the following GTA
products and utilities:

    GB-OS 5.0.2

Release notes are located on the installation CD and on GTA's web site.

For more about upgrading related software, see individual product
release notes.

-------------------------------------------------------------------------
CONTENTS
Release Notes sections are categorized first by feature addressed, then
by the type of change.

1.  INSTALL NOTES

2.  CONFIGURATION

3.  SYSTEM

4.  ACCOUNTS

5.  NETWORK

6.  SECURITY POLICIES

7.  SERVICES

8.  THREAT MANAGEMENT

9.  VPN

10. ACTIVITY

11. OPERATING SYSTEM

12. RELEASE NOTES HISTORY

-------------------------------------------------------------------------

1.  INSTALL NOTES

    1.1 Corrupt Names and Descriptions
      
       GB-OS 5.0 uses the UTF-8 character set, wherein the past previous
       versions of GB-OS allowed administrators to select the character
       set according to their locale. Before upgrading to GB-OS 5.0, it is
       necessary to match your web browser's character set with the
       character set used by GB-OS.  In GB-OS 3.x, the default character
       set is selected at Basic Configuration>Preferences.  In GB-OS
       4.0, the default character set is selected at
       Configuration>Accounts>Preferences.

    1.2 Entering New Activation Codes
    
        If upgrading from 4.0.5 or below, new activation codes must be
        entered. GB-OS version 5.0.2 is available at no charge to
        customers with a GTA support contract or annual maintenance
        agreement. Other users should contact their local GTA channel
        partner or email sales@gta.com for information and pricing of
        upgrade options.
        
    1.3 Upgrading From GB-OS 3.4.0 Through GB-0S 4.0.2
    
        If upgrading from GB-OS 3.4 through GB-OS 4.0.2, it is necessary
        to first upgrade to an interim version of GB-OS before
        installing GB-OS 5.0.  For upgrade instructions, refer to
        Reference D in the GB-OS User's Guide.

    1.4 Upgrading Hard Drive GB-Ware Installations from 3.4.x to 5.0.2

        When upgrading a hard drive GB-Ware firewall from version 3.4.x 
        to 5.0.2:

            1.  Back up the firewall configuration.
            2.  Reinstall the firewall software completely from the CD.
            3.  Restore the configuration.

        The GB-Ware CD image (ISO-9660) is available for download from 
        GTA's Online Support Center 
        (https://www.gta.com/support/center/login/). Failure to reinstall
        from CD may cause hard drive geometry errors that prevent the 
        upgrade.
        
    1.5 Upgrade Notes   
        
      1.5.1 Error Messages Upon Initial Reboot
    
            Upon rebooting after successful installation, the GTA
            Firewall UTM Appliance may display errors when accessed
            using the Web interface.  This is expected, these errors are
            generated because the browser's cache is trying to access
            files and locations that no longer apply. Click OK to any
            displayed errors and refresh the browser window to access
            GB-OS 5.0. If the error messages persist, clear your
            browser's cache.

      1.5.2 Default Login and Password Changes
        
            Firewall administrators who have never changed their default
            login and password in the Admin Accounts section of GB-OS
            3.x will find that their default account's login information
            will no longer work with GB-OS 5.0.  After the firewall
            administrator has upgraded to GB-OS 5.0, their login and
            password will both default to "fwadmin".
            
      1.5.3 GB-250 Upgrade Notice
      
            GB-250 Firewall UTM Appliances may reboot multiple times,
            and may install GB-OS 5.0 on both memory slices during the
            upgrade process.  It is important that administrators DO NOT
            shut down their firewall when upgrading to GB-OS 5.0.  If
            GB-OS 5.0 is installed on both memory slices, it will not be
            possible to revert back to the previously installed version
            of GB-OS.
            
      1.5.4 GB Commander 1.1 No Longer Supported
      
            GTA Firewall UTM Appliances operating GB-OS 5.0 do not
            support GB Commander 1.1. As such, GB Commander 1.1
            administrators will no longer be able to monitor firewalls
            that have been upgraded to GB-OS 5.0.
            
            Administrators of GTA firewalls monitored by GB Commander
            1.1 may either upgrade their firewalls to GB-OS 5.0 and lose
            GB Commander support or they may wait until GB Commander 2.0
            has been released before they upgrade their firewalls to
            GB-OS 5.0.
                      
      1.5.5 VPN Object Names
    
            Previously defined VPN objects will have the GB-OS version
            number appended to their name after the GTA firewall has
            been upgraded to version 5.0.  For example, a VPN object
            with a name of IKE in GB-OS 3.7.0 will be named IKE_370
            after the upgrade.
          
      1.5.6 Service Group Object Modifications
          
            The built-in DNS Zone service group object has been merged
            with the DNS Lookups service group object.  Therefore,
            configurations that reference the now defunct DNS Zone
            service group object will need to be updated to reference
            the DNS Lookups service group object.    
        
    1.6 Platform Independent Web Interface
    
        GB-OS 5.0 includes a platform independent web interface which
        provides an improved workflow, user-friendly design with
        enhanced features such as offline configuration and verification
        using GB-OS 5.0's Test Mode. GBAdmin is not supported in
        GB-OS 4.0 and above.

    1.7 SSL Certificate Replacement

        GB-OS version 5.0 will install a new default security/SSL
        certificate. Some browsers, including Netscape and Mozilla,
        will not recognize the new certificate if the original has
        never been replaced. If you are unable to log on to the
        firewall after upgrading, delete the browser's cached security
        certificate, then close and restart your browser before
        reattempting remote access to your firewall.


2.  CONFIGURATION

    2.1 Modifications
    
        2.1.1   Users without administrative privileges can now export
                configurations.
                GBOS5020004692

    2.2 Bug Fixes
    
        2.2.1   The inbound option is now correctly set for pass through
                hosts/networks when importing a configuration.
                GBOS5020004604
                
        2.2.2   The Web interface no longer crashes when XML files
                that are not encoded in the UTF-8 file format are
                imported into the configuration.
                GBOS5020004873
                
        2.2.3   Emailed configurations in both HTML and ZIP format have
                an improved display and now include authenticated user
                information.
                GBOS5020004969, GBOS5020004970        


3.  SYSTEM

    3.1 Modifications
    
        3.1.1   Disabled VLANs and aliases now appear in drop-down
                lists when defining and editing address objects.
                GBOS5020004613
    
        3.1.2   The Network Time service is now enabled by default, and
                uses servers belonging to the NTP Pool Project.
                GBOS5020004382
                
        3.1.3   The Network Time service now properly looks up an
                NTP server when the external interface uses a dynamic
                IP address.
                GBOS5020004607
                
        3.1.4   Network Time Protocol tunnels automatically close
                after 20 seconds if a response is received, and after 60
                seconds if no response is received.
                GBOS5020004745
                
        3.1.5   Timezone information has been updated.
                GBOS5020004699         


4.  ACCOUNTS

    4.1 Bug Fixes
    
        4.1.1   The Authentication screen now correctly saves bind
                options and remembers the state of advanced tabs.
                GBOS5020004667
                
        4.1.2   Settings configured in the Authentication screen now
                properly take effect when saved.
                GBOS5020004687
                
        4.1.3   Users configured to use certificates for their mobile
                VPN settings no longer fail to authenticate with the
                firewall using GBAuth.
                GBOS5020004662
                
        4.1.4   A memory leak in the authentication service has been
                resolved.
                GBOS5020004671        
                
5.  NETWORK

    5.1 Modifications
        
        5.1.1   Gateway policies' beacon TTL (Time To Live) has been
                increased from 5 to 30.
                GBOS5020004680
                
        5.1.2   An 'Add Static Routes For Beacons' checkbox has been
                added under the Advanced tab for Gateway Policies.
                GBOS5020004746
                
        5.1.3   GB-OS now uses a VLAN's ID when creating an internal
                VLAN device name.
                GBOS5020004773
        
        5.1.4   GB-OS now creates VLAN interfaces as 'vlan#', where '#'
                corresponds to the VLAN interfaces' ID.
                GBOS5020004722, GBOS0004673

    5.2 Bug Fixes
    
        5.2.1   PPPoE interfaces with an on-demand PPP connection type
                now function properly.
                GBOS5020004646
                
        5.2.2   GB-OS no longer fails to re-authenticate with a Digital
                Subscriber Line Access Multiplexer (DSLAM) using a PPPoE
                connection.
                GBOS5020004636
                              
        5.2.4   GB-OS no longer attempts to use configured gateways
                that have been disabled.
                GBOS5020004597
                
        5.2.5   GB-OS now correctly removes gateways when deleted from
                the configuration.
                GBOS5020004405
                
        5.2.6   DHCP clients associated with configured VLANs are now
                properly stopped when the VLAN is disabled.
                GBOS5020004986
                
        5.2.7   VLAN IDs with more than three digits are no longer
                truncated.
                GBOS5020004984      
                
                
6.  SECURITY POLICIES 

    6.1 Bug Fixes
    
        6.1.1   Previously configured security policies that use VLAN
                interfaces now properly function if the security policy
                is edited and saved.
                GBOS5020004793   
                
        6.1.2   Security policies and inbound tunnels with IPS and TCP
                SYN Cookies enabled no longer generate unnecessary
                latency between connections.
                GBOS5020004660
                
        6.1.3   The Automatic Policies toggle on the Security Policies
                Preferences screen now also enables or disables
                automatic policies for IPSec and inbound tunnels. 
                GBOS5020004305
        

7.  SERVICES

    7.1 Modifications
    
        7.1.1   GB-OS now reports "Unable to open configuration" when
                an H2A update is performed and the slave H2A firewall is
                unreachable.
                GBOS5020004876
                
        7.1.2   The DHCP server has been updated.
                GBOS5020004740
                
        7.1.3   GB-OS now uses GTA's object identifier (OID) when
                generating SNMP traps.
                GBOS5020004977        
                
    7.2 Bug Fixes
        
        7.2.1   A memory leak in the Firewall Control Center service
                has been resolved.
                GBOS5020004905
                
        7.2.2   GB-OS now verifies that DNS servers configured for the
                DNS proxy are remote IP addresses.
                GBOS5020004985        
                 
                   
8.  THREAT MANAGEMENT
  
    8.1 Enhancements
    
        8.1.1   Surf Sentinel now provides improved handling of SSL
                connections.
                GBOS5020004739
                
        8.1.2   Mail Sentinel log messages have been improved.
                GBOS5020004744
                
        8.1.3   The IPS engine and policies have been updated.
                GBOS5020004955, GBOS5020004933      

    8.2 Bug Fixes
    
        8.2.1   GB-OS Mail Sentinel Anti-Spam and Mail Sentinel
                Anti-Virus licenses now remain valid if GTA servers
                cannot be reached.
                GBOS5020004679
                
        8.2.2   The number of available IPS policies is now properly
                displayed when no IPS policies are enabled.
                GBOS5020004583
                
        8.2.3   IPS now protects packets passed to Surf Sentinel to
                prevent system crashes.
                GBOS5020004748      
                
        8.2.4   GB-OS no longer crashes when Surf Sentinel processes a
                long URL.
                GBOS5020004811        

9. VPN

    9.1 New Features
    
        9.1.1   The percentage of available security associations used
                is now displayed in the Monitor>Activity>VPN>IPSec
                Tunnels and and Monitor>System>Overview screens.
                GBOS5020004927

    9.2 Bug Fixes
    
        9.2.1   Advanced tabs are now properly displayed when
                navigating between defined IPSec tunnels.
                GBOS5020004612
                
        9.2.2   Mobile users that have authenticated with GB-OS using
                VPN certificates are now identified in the Monitoring
                section.
                GBOS5020004895
                
        9.2.3   GB-OS now correctly calculates security associations
                configured by GTA Mobile VPN Clients.
                GBOS5020004932
                
        9.2.4   GB-OS now supports multiple subnets when using the GTA
                Mobile VPN Client.
                GBOS5020004954        
                       
                
10. ACTIVITY
    
    10.1 Bug Fixes
    
        10.1.1  Automatic policies created by inbound tunnels that use
                port redirection are now properly displayed in the
                Monitor section.
                GBOS5020004115
                
        10.1.2  The time to expire for a DHCP lease is now correctly
                displayed.
                GBOS5020004659
                
        10.1.3  GB-OS no longer displays IPS information in the
                Monitor>Activity>Threat Management screen for firewalls
                that do not support IPS.
                GBOS5020004962        
     
            
11. OPERATING SYSTEM
     
    11.1 New Features
    
        11.1.1  Support for resetting the configuration to factory
                defaults has been added by using the reset button for
                the GB-250 Firewall UTM Appliance Family.
                GBOS5020004936
                
        11.1.2  Support has been added for USB to serial adapters. The
                following adapters are compatible with GTA Firewall UTM
                Appliances: iConnnect model #3312 and IOGEAR model
                #GU232A.
                GBOS5020004883
                
        11.1.3  GB-OS now includes Dutch localization.
                GBOS5020004967
                
        11.1.4  GB-OS now includes enhanced monitoring of active TCP
                connections for valid reset packets.
                GBOS5020004964
                
        11.1.5  Support added for the GB-250 Rev B Firewall UTM
                Appliance Family.
                GBOS5020004979        
    
    11.2 Enhancements
    
        11.2.1  Verification of configuration settings has been
                improved.
                GBOS5020004694, GBOS5020004603, GBOS5020004292,
                GBOS5020004749, GBOS5020001443, GBOS5020003749,
                GBOS5020004161, GBOS5020004405
                
        11.2.2  Support has been added for FTP connections using SSL.
                GBOS5020004771
                
        11.2.3  GB-OS now verifies that all characters entered into
                the configuration are valid UTF-8 characters.
                GBOS5020004874        
                
    11.3 Modifications
    
        11.3.1  JavaScript warnings have been cleaned up.
                GBOS5020004693      
                
    11.4 Bug Fixes
    
        11.4.1  GB-OS no longer reboots the system when configured to
                log policy blocks and a DoS attack of TCP FIN and TCP
                ACK packets is received.
                GBOS5020004647  
                            
        11.4.3  GB-OS now properly sends SNMP traps when configured to
                do so.
                GBOS5020004885
                
        11.4.4  GB-OS now correctly identifies email addresses when
                the address begins with a digit.
                GBOS5020004882
                
        11.4.5  GB-Ware firewalls with an unrestricted user license no
                longer fail to update when new policies are pushed to
                the system by GB Commander 2.0.
                GBOS5020004915      
          
               
12. RELEASE NOTES HISTORY

    12.1    Previous Release Notes
            These notes cover the 5.0.2 release of GB-OS. Release notes 
            for previous versions can be found at GTA's web site, 
            http://www.gta.com.

-------------------------------------------------------------------------
Global Technology Associates, Inc.
3505 Lake Lynda Drive, Suite 109
Orlando, Florida 32817
www.gta.com
407.380.0220		



Copyright © 2014 Global Technology Associates, Inc. All rights reserved.

'GB-OS' and 'GB-Ware' are registered trademarks of Global Technology Associates, Incorporated.
'Global Technology Associates' and 'GTA' are service marks of Global Technology Associates, Incorporated.